Security: freescout-help-desk/freescout
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Unauthenticated RCE in FreeScout via arbitrary php_path execution in tools.php (GHSA-jx2w-fhmw-rg39), published May 4, 2026 by freescout-help-desk, severity: High
- User invitation hash never expires: permanent unauthenticated account takeover if invite link leaks (GHSA-hqff-cwx7-3jpm), published Apr 24, 2026 by freescout-help-desk, severity: Critical
- IDOR: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472) (GHSA-f489-qxv6-gvgg), published Apr 24, 2026 by freescout-help-desk, severity: Moderate
- Stored XSS in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content (GHSA-q3fh-rj9h-jfrc), published Apr 24, 2026 by freescout-help-desk, severity: High
- SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access (GHSA-22wf-848c-c856), published Apr 24, 2026 by freescout-help-desk, severity: High
- Non-folder conversation queries disclose assigned-only hidden conversations (GHSA-7rh8-9rgv-g35r), published Apr 18, 2026 by freescout-help-desk, severity: Moderate
- Assigned-only visibility bypass allows editing hidden customer-authored threads (GHSA-4h5p-7f5c-q7gj), published Apr 18, 2026 by freescout-help-desk, severity: High
- Assigned-only visibility bypass via save_draft allows hidden conversation draft injection (GHSA-vj2p-2789-3747), published Apr 18, 2026 by freescout-help-desk, severity: High
- Signature only mailbox permission allows unauthorized mailbox chat setting changes (GHSA-wpv9-c2gv-2j82), published Apr 18, 2026 by freescout-help-desk, severity: Moderate
- Client-controlled attachment IDs allow deletion of existing conversation attachments (GHSA-cv36-2j23-x6g3), published Apr 18, 2026 by freescout-help-desk, severity: High